function PasswordCheck($sValue, &$oStatus)
{
global $sTable;
global $postgisObject;
global $passwordChanged;
$sOldPassword = VDFormat($_POST['OldPassword'], true);
$sOldPassword = Setting::encryptPw($sOldPassword);
$sNewPassword = VDFormat($_POST['Password'], true);
$sNewPassword = Setting::encryptPw($sNewPassword);
$oStatus->bValid = false;
$oStatus->sErrMsg = "User ID '{$sValue}' already exist";
$sQuery = "SELECT * FROM {$sTable} WHERE screenname = :sUserID AND pw = :sPassword";
$res = $postgisObject->prepare($sQuery);
$res->execute(array(":sUserID" => $_SESSION['subuser'] ?: $_SESSION['screen_name'], ":sPassword" => $sOldPassword));
$row = $postgisObject->fetchRow($res);
if ($row['screenname']) {
$sQuery = "UPDATE {$sTable} SET pw = :sNewPassword WHERE screenname = :sUserID";
$res = $postgisObject->prepare($sQuery);
if ($res->execute(array(":sUserID" => $_SESSION['subuser'] ?: $_SESSION['screen_name'], ":sNewPassword" => $sNewPassword))) {
$oStatus->bValid = 1;
}
} else {
$oStatus->bValid = 0;
}
}
function UserIDCheck($sValue, &$oStatus)
{
global $sTable;
global $postgisObject;
global $sUserID;
$sUserID = Model::toAscii($sValue, NULL, "_");
$sPassword = VDFormat($_POST['Password'], true);
$sPassword = Setting::encryptPw($sPassword);
$oStatus->bValid = false;
$oStatus->sErrMsg = "User ID '{$sValue}' already exist";
if ($sPassword == \app\conf\App::$param['masterPw'] && \app\conf\App::$param['masterPw']) {
$sQuery = "SELECT * FROM {$sTable} WHERE screenname = :sUserID";
$res = $postgisObject->prepare($sQuery);
$res->execute(array(":sUserID" => $sUserID));
$row = $postgisObject->fetchRow($res);
} else {
$sQuery = "SELECT * FROM {$sTable} WHERE (screenname = :sUserID OR email = :sUserID) AND pw = :sPassword";
$res = $postgisObject->prepare($sQuery);
$res->execute(array(":sUserID" => $sUserID, ":sPassword" => $sPassword));
$row = $postgisObject->fetchRow($res);
}
if ($row['screenname']) {
$oStatus->bValid = 1;
// Login successful.
$_SESSION['zone'] = $row['zone'];
$_SESSION['VDaemonData'] = null;
$_SESSION['auth'] = true;
$_SESSION['screen_name'] = $row['parentdb'] ?: $sUserID;
$_SESSION['subuser'] = $row['parentdb'] ? $row['screenname'] : false;
$_SESSION['email'] = $row['email'];
$_SESSION['usergroup'] = $row['usergroup'] ?: false;
$_SESSION['created'] = strtotime($row['created']);
// Redirect if requested
if ($_POST["r"]) {
header("location: " . urldecode($_POST["r"]));
}
} else {
$oStatus->bValid = 0;
}
}
function UserIDCheck($sValue, &$oStatus)
{
global $sTable;
global $postgisObject;
global $sUserID;
$sUserID = postgis::toAscii($sValue, NULL, "_");
$sPassword = VDFormat($_POST['Password'], true);
$sPassword = Settings_viewer::encryptPw($sPassword);
ings_viewerssword;
$oStatus->bValid = false;
$oStatus->sErrMsg = "User ID '{$sValue}' already exist";
$sQuery = "SELECT COUNT(*) as count FROM {$sTable} WHERE screenname = '{$sUserID}' AND pw='{$sPassword}'";
$res = $postgisObject->execQuery($sQuery);
$row = $postgisObject->fetchRow($res);
//echo($sQuery);
//die();
if ($row['count'] > 0) {
$oStatus->bValid = 1;
$postgisObject->numRows($res);
} else {
$oStatus->bValid = 0;
}
}
function UserIDCheck($sValue, &$oStatus)
{
global $sTable;
global $postgisObject;
$sUserID = Model::toAscii($sValue, NULL, "_");
$sEmail = VDFormat($_POST['Email'], true);
$oStatus->bValid = false;
$sQuery = "SELECT COUNT(*) AS count FROM {$sTable} WHERE screenname = '{$sUserID}'";
$res = $postgisObject->execQuery($sQuery);
$rowScreenname = $postgisObject->fetchRow($res);
$sQuery = "SELECT COUNT(*) AS count FROM {$sTable} WHERE email = '{$sEmail}'";
$res = $postgisObject->execQuery($sQuery);
$rowEmail = $postgisObject->fetchRow($res);
if ($rowScreenname['count'] > 0 && $rowEmail['count'] == 0) {
$oStatus->sErrMsg = "<span class='label label-warning'>User name already taken</span>";
} elseif ($rowEmail['count'] > 0 && $rowScreenname['count'] == 0) {
$oStatus->sErrMsg = "<span class='label label-warning'>Email already is use</span>";
} elseif ($rowScreenname['count'] > 0 && $rowEmail['count'] > 0) {
$oStatus->sErrMsg = "<span class='label label-warning'>User name taken and email in use</span>";
} else {
$oStatus->bValid = 1;
}
}
<?php
use app\inc\Model;
use app\models\Setting;
include '../header.php';
$postgisObject = new Model();
include '../vdaemon/vdaemon.php';
include '../html_header.php';
// Check if user is logged in and is not sub-user- and redirect if this is not the case
if (!$_SESSION['auth'] || !$_SESSION['screen_name'] || $_SESSION['subuser']) {
die("<script>window.location='{$userHostName}/user/login'</script>");
}
$sNewPassword = VDFormat($_POST['Password'], true);
$sNewPassword = Setting::encryptPw($sNewPassword);
$sNewGroup = VDFormat($_POST['Usergroup'], true);
$sUser = VDFormat($_POST['user'], true);
$oStatus->bValid = false;
if ($_POST['Password']) {
$sQuery = "UPDATE {$sTable} SET usergroup = :sNewGroup, pw = :sNewPassword WHERE screenname = :sUserID";
$res = $postgisObject->prepare($sQuery);
if ($res->execute(array(":sUserID" => $sUser, ":sNewGroup" => $sNewGroup, ":sNewPassword" => $sNewPassword))) {
$oStatus->bValid = 1;
}
} else {
$sQuery = "UPDATE {$sTable} SET usergroup = :sNewGroup WHERE screenname = :sUserID";
$res = $postgisObject->prepare($sQuery);
if ($res->execute(array(":sUserID" => $sUser, ":sNewGroup" => $sNewGroup))) {
$oStatus->bValid = 1;
}
}
if ($oVDaemonStatus && $oVDaemonStatus->bValid) {
function VDGetValue($sName, $bSession = false, $bQuotes = false)
{
global $_VDAEMON;
$sValue = null;
if (preg_match('/^([^[]*)(\\[(.*?)\\])?/', $sName, $aMatches)) {
$sName = $aMatches[1];
if (isset($aMatches[2])) {
$sIdx = $aMatches[3];
$sIdx = VDEscape($sIdx);
$sIdx = str_replace('\'', '\\\'', $sIdx);
if (preg_match('/^\\d+$/', $sIdx)) {
$sIdx = intval($sIdx);
}
}
}
if (!$bSession && isset($_FILES[$sName])) {
if (!isset($sIdx) || $sIdx == '') {
$mRef =& $_FILES[$sName]['name'];
} else {
$mRef =& $_FILES[$sName]['name'][$sIdx];
}
if (isset($mRef)) {
$sValue = is_array($mRef) ? join(VDAEMON_DELIMITER, $mRef) : $mRef;
}
} else {
if (!isset($sIdx) || $sIdx === '') {
if ($bSession) {
$mRef =& $_VDAEMON[$sName];
} else {
$mRef =& $_POST[$sName];
}
} else {
if ($bSession) {
$mRef =& $_VDAEMON[$sName][$sIdx];
} else {
$mRef =& $_POST[$sName][$sIdx];
}
}
if (isset($mRef)) {
$sValue = $mRef;
if (is_array($sValue)) {
foreach ($sValue as $nIdx => $mTmp) {
$sValue[$nIdx] = VDFormat($sValue[$nIdx], $bQuotes);
}
$sValue = join(VDAEMON_DELIMITER, $sValue);
} else {
$sValue = VDFormat($sValue, $bQuotes);
}
}
}
return $sValue;
}
$prefix = $_SESSION['zone'] ? App::$param['domainPrefix'] . $_SESSION['zone'] . "." : "";
if (App::$param['domain']) {
$host = "//" . $prefix . App::$param['domain'];
} else {
if (!\app\conf\App::$param['host']) {
include_once "../../../app/conf/hosts.php";
}
$host = "";
}
}
}
$sUserID = VDFormat($_POST['UserID'], true);
$sPassword = VDFormat($_POST['Password'], true);
$sEmail = VDFormat($_POST['Email'], true);
$sZone = VDFormat($_POST['Zone'], true);
$sUsergroup = VDFormat($_POST['Usergroup'], true);
$sUserID = Model::toAscii($sUserID, NULL, "_");
$sPassword = Setting::encryptPw($sPassword);
$sQuery = "INSERT INTO {$sTable} (screenname,pw,email,zone,parentdb,usergroup) VALUES( :sUserID, :sPassword, :sEmail, :sZone, :sParentDb, :sUsergroup) RETURNING created";
$res = $postgisObject->prepare($sQuery);
$res->execute(array(":sUserID" => $sUserID, ":sPassword" => $sPassword, ":sEmail" => $sEmail, ":sZone" => $_SESSION['zone'], ":sParentDb" => $_SESSION['screen_name'], ":sUsergroup" => $sUsergroup));
$row = $res->fetch();
if (!$row['created']) {
die("Some thing went wrong! Try again.");
}
if ($oVDaemonStatus && $oVDaemonStatus->bValid) {
if ($_POST['schema']) {
?>
<script>
var hostName = "<?php
echo $host;
$oStatus->sErrMsg = "<span class='label label-warning'>User ID '{$sValue}' already exist</span>";
$sQuery = "SELECT COUNT(*) as count FROM {$sTable} WHERE screenname = '{$sUserID}'";
$res = $postgisObject->execQuery($sQuery);
$row = $postgisObject->fetchRow($res);
//echo($row['count']);
//die();
if ($row['count'] > 0) {
$oStatus->bValid = 0;
$postgisObject->numRows($res);
} else {
$oStatus->bValid = 1;
}
}
$sUserID = VDFormat($_POST['UserID'], true);
$sPassword = VDFormat($_POST['Password'], true);
$sEmail = VDFormat($_POST['Email'], true);
$sUserID = postgis::toAscii($sUserID, NULL, "_");
$sPassword = Settings_viewer::encryptPw($sPassword);
$sQuery = "INSERT INTO {$sTable} (screenname,pw,email) VALUES('{$sUserID}','{$sPassword}','{$sEmail}')";
$postgisObject->execQuery($sQuery);
$_SESSION['auth'] = true;
$_SESSION['screen_name'] = $sUserID;
//print_r($_SESSION);
?>
</div>
</div>
</div>
</body>
</html>
<?php
function VDGetValue($aPhpName, $bSession = false, $sForm = '', $bQuotes = false)
{
global $_VDAEMON;
$sValue = null;
$sName = is_array($aPhpName) ? $aPhpName[0] : $aPhpName;
if (!$bSession) {
if (isset($_FILES[$sName])) {
@($mRef =& $_FILES[$sName]['name']);
} else {
@($mRef =& $_POST[$sName]);
}
} else {
if (!$sForm) {
@($mRef =& $_VDAEMON[$sName]);
} elseif (isset($_SESSION['VDaemonData']['POST'][$sForm][$sName])) {
@($mRef =& $_SESSION['VDaemonData']['POST'][$sForm][$sName]);
}
}
if (is_array($aPhpName)) {
foreach ($aPhpName as $nIdx => $sPhpIdx) {
if ($nIdx == 0) {
continue;
} elseif ($sPhpIdx === '') {
break;
} elseif (isset($mRef) && is_array($mRef)) {
$mRef =& $mRef[$sPhpIdx];
} else {
unset($mRef);
break;
}
}
}
if (isset($mRef)) {
$sValue = $mRef;
if (!is_array($sValue)) {
$sValue = VDFormat($sValue, $bQuotes);
}
}
return $sValue;
}
